github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.tf.go (about)

     1  package elasticsearch
     2  
     3  var terraformEnableDomainLoggingGoodExamples = []string{
     4  	`
     5   resource "aws_elasticsearch_domain" "good_example" {
     6     domain_name           = "example"
     7     elasticsearch_version = "1.5"
     8   
     9     log_publishing_options {
    10       cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
    11       log_type                 = "AUDIT_LOGS"
    12       enabled                  = true  
    13     }
    14   }
    15   `,
    16  }
    17  
    18  var terraformEnableDomainLoggingBadExamples = []string{
    19  	`
    20   resource "aws_elasticsearch_domain" "bad_example" {
    21     domain_name           = "example"
    22     elasticsearch_version = "1.5"
    23   }
    24   `, `
    25   resource "aws_elasticsearch_domain" "bad_example" {
    26     domain_name           = "example"
    27     elasticsearch_version = "1.5"
    28   
    29     log_publishing_options {
    30       cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
    31       log_type                 = "AUDIT_LOGS"
    32       enabled                  = false  
    33     }
    34   }
    35   `,
    36  }
    37  
    38  var terraformEnableDomainLoggingLinks = []string{
    39  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#log_type`,
    40  }
    41  
    42  var terraformEnableDomainLoggingRemediationMarkdown = ``